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REMARKS 

Prior to entry of this Amendment, the application included claims 1-24. 
Claims 1-24 were rejected in the Office Action mailed February 20, 2009. Claims 1 , 2, 8, 9, 1 2, 
15, and 1 8 have been amended. No claims have been added or canceled. Hence, after entry of 
this Amendment, claims 1-24 stand pending for examination. 

Claims 1-24 stand rejected under 35 U.S.C. § 101 as being directed to non- 
statutory subject matter. Claims 1-24 stand rejected under 35 U.S.C. § 102(e) as being 
anticipated by Lineman et al. (U.S. Publication No. 2003/0065942) ("Lineman"). 

Rejections Under 35 U.S.C. § 101 : 

Claims 1-24 stand rejected as directed to non-statutory subject matter. 
Independent claims 1 and 12 have been amended to overcome the rejections; the rejections of 
claim 21 and its associated dependent claims are respectfully traversed. The Office Action states 
that: "An example of a method claim that would not qualify as a statutory process would be a 
claim that recited purely mental steps. Thus, to qualify as a §101 statutory process, the claim 
should positively recite the particular machine to which it is tied , for example by identifying the 
apparatus that accomplishes the method steps. ..." Office Action, pp. 2, 3, emphasis maintained. 

Independent claims 1 and 12, as amended, recite a "host computer system 
including a processor.... "These limitations tie their respective claims and dependent claims to a 
"particular machine or apparatus." Namely, each is tied to a form of a computing device. 

As the claims presently stand, it is impossible to perform all of the method steps 
recited in the independent claims without the use of a particular apparatus. Thus, each of claims 
1 and 12, and the claims that depend therefrom, satisfy the requirements of §101 . The 
withdrawal of the §101 rejections is respectfully requested. 

With regard to claim 21 , claim 21 is not a method claim. Claim 21 recites: 

A computer-readable storage medium having a computer-readable 
program embodied therein for direction operation of a security 
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compliance authority server including a communications system, a 
processor, and a storage device, wherein the computer-readable 
program includes instructions for operating the security 
compliance authority server to assess a security risk for an 
merchant entity having connectivity to a shared network in 
accordance with the following:. . . 

Emphasis added. This is not a process claim, therefore the precedence cited by the Office Action 

is not relevant to the claim. Applicant respectfully requests withdrawal of the § 1 01 rejections of 

claim 2i and its associated dependent claims. 

Rejections Under 35 U.S,C 102(e) : 

Claims 1-24 stand rejected as anticipated by Lineman. The Office Action states 

that claim 1 , in its entirety, is taught by paragraphs 36-39 and 78-96 of Lineman. Office Action, 

pp. 3, 4. Applicant respectfully traverses this rejection. Claim 1 recites: 

receiving at a host computer system including a processor, from each of 
a plurality of payment-processing organizations, a set of security 
requirements defining protocols for implementing commercial 
transactions over the shared network using instruments identified with 
the payment-processing organization; developing with the processor at 
the host computer system, a security test scheme having a set of test 
requirements whose satisfaction by the merchant entity is sufficient to 
ensure compliance with the sets of security requirements defined by each 
of the plurality of payment -processing organizations. . ... 

Emphasis added. Claims 12 and 21 contain similar recitations. 

Lineman discloses a software program capable of creating and managing security 

policies on a network. Lineman, Abstract. 

The disclosed software is directed to electronically creating a security 
policy document, which contains appropriate controls required to enforce 
the security policy on various computing platforms. The disclosed 
software creates a direct link between the security policy documents that 
arc created and distributed to people and the controls sent to computers 
on the network. 

hi, at %%. More specifically, Figure 2, reproduced here, illustrates the steps for creating, 
managing and enforcing security policies related to the disclosed software. 
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In describing Figure 2, Lineman states: "The disclosed software enables a security administrator 
to create and edit a security policy document (block 70). " Lineman, ^]32, emphasis added. This 
is different from the recitations of claims 1,12, and 21 ; Claim 1 recites receiving "from each of 
a plurality of payment-processing organizations. . then "developing. . . a security test scheme 
having a set of test requirements. ... is sufficient to ensure compliance with the sets of security 
requirements defined by each of the plurality of payment-processing organizations." Emphasis 
added. 

For at least this reason, not every recitation of claims 1,12, and 21 is taught by 
Lineman. Therefore, a prima facie case of anticipation has not been established. Accordingly, 
Applicant respectfully requests withdrawal of the §102 rejections of claims 1, 12, and 21. 

Claim 5 recites that a satisfaction level of the test requirements required for 
compliance with the test requirements is dependent on "a shared-network transaction volume 
processed by the merchant entity over the shared network." Claim 17 contains a similar 
recitation. Office Action, p. 6. The Office Action states that paragraph 90 of Lineman teaches 
this recitation. Applicant respectfully traverses the rejection. 

Lineman does not disclose any requirements based on a transaction volume. 
Rather, the cited portion of Lineman discloses the use of a "metacommand language to allow the 
security management program and the agent software to communicate in a common 
language. . . Lineman, 1)90. It is unclear how any statement in f 90, or the remainder of the 
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specification, could be fairly read as teaching that a satisfaction level of the test requirements 
required for compliance with the test requirements is dependent on "a shared-network transaction 
volume processed by the merchant entity over the shared network." For at least this reason, 
Applicant respectfully requests withdrawal of the §102 rejection of claims 5 and 17. 

Further, claims 2-1 1, 13-20, and 22-24 each depend, either directly or indirectly, 
from claims 1,12, and 21, and are allowable at least by virtue of their dependence on an 
allowable base claim. 



CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 303-571-4000. 



Respectfully submitted, 



TOWNSEND and TOWN SEND and CREW LLP 

Two Embarcadero Center, Eighth Floor 

San Francisco, California 941 1 1-3834 

Tel: 303-571-4000 

Fax:415-576-0300 
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